Security flaws found in fix for Firefox, SeaMonkey

By Dawn Kawamoto
Staff Writer, CNET News.com Published: March 6, 2007 8:07 AM PST

Tools

Related Stories: Mozilla releases security updates
February 23, 2007

Mozilla Foundation on Monday issued a critical fix designed to address vulnerabilities in a recent security update for the Firefox browser and SeaMonkey application suite.

The security flaws were discovered in Firefox 1.5.0.9 and 2.0.0.1, as well as in SeaMonkey 1.0.7, according to a security advisory posted by Mozilla.

Security researchers say the initial fix, issued in mid-December, was designed to address vulnerabilities in Firefox, SeaMonkey and Mozilla's Thunderbird e-mail client. But that particular fix introduced a flaw that could allow JavaScript code from Web content to be exploited, then lead to the execution of arbitrary code.

Mozilla advises Firefox users to upgrade to version 1.5.0.10 and 2.0.0.2, and SeaMonkey users to update to version 1.1.1 and 1.0.8.

Disabling JavaScript will not protect users from the vulnerabilities, Mozilla warned.

More from News.com on this story's topics: Patches
RSS feed; Web browsers
Create an email alert | RSS feed; Flaws
RSS feed

See more CNET content tagged:
Mozilla Corp., Firefox, fix, vulnerability, flaw

Add a Comment (Log in or register) 5 comments (Page 1 of 1)

The FF 2.0.0.2 upgrade was..
by i_made_this March 6, 2007 10:03 AM PST: ..released on 23rd February, not on "this Monday " (5th March) as the article inaccurately states.; Reply to this comment View reply
Processing